Choose the best answer for each of the following questions according to the text.
Fighting the War against Computer Crime
1.Virtually every company with a computer is vulnerable tocomputer abuse, crime and accident. Security of the computer and of the information and assets contained within it are therefore of paramount importance to management. Skilled computer criminals can break into a computer system far more easily than an armed robber can gain access to a bank vault, and usually with far less risk of apprehension and punishment. A slight change in a complex program can bring about the misappropriation of thousands of pounds. Accidental erasure of crucial data can paralyse company's operations. Anyone familiar with the necessary procedure can gain access to information stored in the computer, no matter how confidential, and use it for his own purposes.
2.Although the actual extent of computer crime is difficult to measure, most experts agree that it is one of the fastest growing areas of illegal activity. The principal reason for both the growth and the lack of accurate measurement is the difficulty in detecting a well-executed theft. Losses per incident thus tend to be higher than in other types of theft. Once the computer criminal has compromised the system, it is just as easy to steal a great sum as it is to steal a little, and to continue stealing long after the initial theft. Indeed, the computer criminal may find it more difficult to stop his illicit activity than to start it.
3.Computer criminals are, for the most part, well-educated and highly intelligent, and have the analytical skills that make them valued employees. The fact that computer criminals do not fit criminal stereotypes helps them to obtain the positions they require to carry out crimes. Being intelligent, they have fertile imaginations, and the variety of ways in which they use equipment to their advantage is constantly being extended. In addition to direct theft of funds, the theft of data ("program-napping") for corporate espionage or extortion1 is becoming widespread, and can obviously have a substantial effect on a company's finances. Another lucrative scheme, often difficult to detect, involves accumulating fractions pence from individual payroll accounts, with electronic transfer of the accumulated amount to the criminal's payroll. Employers are hardly concerned with pence, much less fractions o£ pence. In addition, of course, the company's total payroll is unaffected. But the cumulative value of fractions of pence per employee in a company with a substantial payroll can add up to a useful gain.
4.Sabotage is also an increasingly common type of computer crime. This can involve disabling the hardware, but is more likely to affect the software. Everyone in the computer business has heard of cases of a “time-bomb” being placed in a program. Typically, the programmer inserts an instruction that causes the computer to destroy an entire personnel data bank, for example, if the programmer's employment is terminated. As soon as the termination data is fed into the system, it automatically erases the entire program.
5.Such acts of sabotage are particularly difficult to prevent because they do not become evident until the trigger is activated — by remote control. But, of course, not all computer losses are attributable to theft or abuse. Simple human error is by far the largest cause of system failure. Data stored on disks or tapes may be accidentally erased, or improper entry of information may introduce errors into the database.This is partly why every newly-created program must undergo extensive debugging.
6.Guarding against computer abuse whether deliberate or accidental involves attention to the following areas: (1) Protection of hardware from physical damage; (2) Protection of software and data.
7.The protection of hardware from accidental or imentional damage is a function of the environment in which the equipment is kept. The computer must be isolated from other company facilities, and access should be strictly controlled. No unauthorized person should ever be admitted to the computer area. Many insurance companies and security firms offer free evaluation of the physical protection of computer installations.
8.The protection of software is a more difficult problem. Some risks are reduced by controlling physical access by unauthorized personnels but most damage to software, accidental and intentional, is caused by those whose jobs require at least some access to the computer. The writer of the program is often the one responsible for its misuse. Programs devised exclusively for a particular company are therefore far more vulnerable to abuse and accident than standard software packages produced by external suppliers.
9.A unique program is both difficult and expensive to replace. Accidental erasure, sabotage, or physical removal of a single disk or tape could mean that a whole system has to be rebuilt, followed by a lengthy testing process. The creators of a custom-made program are almost always company employees, who may or may not have a vested interest in the program's function, and who, in the course of programming, can include virtually any instruction or routine with very little risk of detection. Moreover, they can alter the program at will, and there is little management that one can do to make sure that alterations in a unique program are always legitimate.
10.Systems controlling cash management, financial operations, and personnel and payroll functions offer the greatest potential for individual gain, and are therefore the most common targets for computer crime and sabotage. However, well-proven standard applications software is available for these functions, which are essentially the same for all companies. The programs are written, tested9 documented and maintained independently by organizations which have no vested interest in the operation of the computer, and are unaffected by management's policy decisions. Internal programmers have little need to become thoroughly familiar with a software package, since it is delivered and installed complete. Further, a duplicate program can easily be obtained if the company has any reason to suspect that the software has been compromised.
11.Controls incorporated in software packages are almost always stricter than those built into internally developed systems, because the former must function in a variety of environments. In addition, software packages may provide for different levels and types of access. One user may gain access, via a particular set of codes, just to view the data in the system; but another set of codes altogether may be required to alter data. A means of logging and identifying the source of every access, or change to the system, can also be provided. Each inquiry and update will then be identified by operator and/or terminal, so preventing anonymous access. This both discourages abuse and encourages operators to be conscientious. Because authorized operators are guided in their procedures, errors should be minimized.
12.But even in a controlled physical environment, and with uniform software, security procedures are only effective if they are strictly followed by everyone in the company. It is not unusual to walk into a computer room and find the instructions for gaining access taped to a terminal. Concern for security must permeate the organization if it is to be effective, and that concern needs to be generated from the top.
8.An appropriate antonym of the word"accidental" in Para.7 would be _______.
A、incidental
B、voluntary
C、attentive
D、destructive
【正确答案】:B
【题目解析】:P383
